diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2024-07-16 07:21:58 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-12-03 10:35:49 +0100 |
| commit | 3d090579e329dbc4aae5b349855f66eeed3d984e (patch) | |
| tree | 9b8204dfbbdcfd7eb3b06366e100612a58feedca /providers | |
| parent | fips-label.yml: Fix ABI change label removal (diff) | |
| download | openssl-3d090579e329dbc4aae5b349855f66eeed3d984e.tar.xz openssl-3d090579e329dbc4aae5b349855f66eeed3d984e.zip | |
providers: stop probing for getentropy(3) on recent FreeBSD
FreeBSD has supported both getrandom(2) and getentropy(3) since 12.0.
The last version which did *not* have these went EoL in September 2021.
Use getrandom(2) unconditionally and fallback to sysctl kern.arandom if
we do happen to have a FreeBSD that old.
This is generally a necessary step for FreeBSD's _FORTIFY_SOURCE
implementation, which needs to do some symbol renaming tricks with the
getentropy declaration that would otherwise add some platform-specific
hacks here to accommodate. getentropy(3) uses getrandom(2) internally
on FreeBSD, so we just cut out the middleman.
While we're here, it doesn't seem to make sense to ever prefer the
sysctl on FreeBSD or NetBSD. For both platforms, it's limited to 256
bytes in a single request while getrandom(2) will generally use the same
backend but service the entire request in one shot, even for larger
amounts of entropy, modulo the EINTR possibility that presents itself
with larger requests.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24903)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/implementations/rands/seeding/rand_unix.c | 51 |
1 files changed, 28 insertions, 23 deletions
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index 41b0111092..c3a5d8b3bf 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -21,24 +21,29 @@ #include "internal/nelem.h" #include "prov/seeding.h" -#ifdef __linux -# include <sys/syscall.h> -# ifdef DEVRANDOM_WAIT -# include <sys/shm.h> -# include <sys/utsname.h> +#ifndef OPENSSL_SYS_UEFI +# ifdef __linux +# include <sys/syscall.h> +# ifdef DEVRANDOM_WAIT +# include <sys/shm.h> +# include <sys/utsname.h> +# endif +# endif +# if defined(__FreeBSD__) || defined(__NetBSD__) +# include <sys/types.h> +# include <sys/sysctl.h> +# include <sys/param.h> +# endif +# if defined(__FreeBSD__) && __FreeBSD_version >= 1200061 +# include <sys/random.h> +# endif +# if defined(__OpenBSD__) +# include <sys/param.h> +# endif +# if defined(__DragonFly__) +# include <sys/param.h> +# include <sys/random.h> # endif -#endif -#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) -# include <sys/types.h> -# include <sys/sysctl.h> -# include <sys/param.h> -#endif -#if defined(__OpenBSD__) -# include <sys/param.h> -#endif -#if defined(__DragonFly__) -# include <sys/param.h> -# include <sys/random.h> #endif #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ @@ -343,12 +348,11 @@ static ssize_t syscall_random(void *buf, size_t buflen) * - Solaris since 11.3 * - OpenBSD since 5.6 * - Linux since 3.17 with glibc 2.25 - * - FreeBSD since 12.0 (1200061) * * Note: Sometimes getentropy() can be provided but not implemented * internally. So we need to check errno for ENOSYS */ -# if !defined(__DragonFly__) && !defined(__NetBSD__) +# if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__) # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *buffer, size_t length) __attribute__((weak)); @@ -380,16 +384,17 @@ static ssize_t syscall_random(void *buf, size_t buflen) if (p_getentropy.p != NULL) return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; # endif -# endif /* !__DragonFly__ */ +# endif /* !__DragonFly__ && !__NetBSD__ && !__FreeBSD__ */ /* Linux supports this since version 3.17 */ # if defined(__linux) && defined(__NR_getrandom) return syscall(__NR_getrandom, buf, buflen, 0); -# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) - return sysctl_random(buf, buflen); # elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ - || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) + || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \ + || (defined(__FreeBSD__) && __FreeBSD_version >= 1200061) return getrandom(buf, buflen, 0); +# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) + return sysctl_random(buf, buflen); # elif defined(__wasi__) if (getentropy(buf, buflen) == 0) return (ssize_t)buflen; |